<?xml version="1.0" encoding="utf-8"?><!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"><glsaid="200408-26"><title>zlib: Denial of service vulnerability</title><synopsis>
The zlib library contains a Denial of Service vulnerability.
</synopsis><producttype="ebuild">zlib</product><announced>2004-08-27</announced><revisedcount="02">2006-05-22</revised><bug>61749</bug><access>remote</access><affected><packagename="sys-libs/zlib"auto="yes"arch="*"><unaffectedrange="ge">1.2.1-r3</unaffected><vulnerablerange="le">1.2.1-r2</vulnerable></package></affected><background><p>
zlib is a general-purpose data-compression library.
</p></background><description><p>
zlib contains a bug in the handling of errors in the "inflate()" and
"inflateBack()" functions.
</p></description><impacttype="normal"><p>
An attacker could exploit this vulnerability to launch a Denial of
Service attack on any application using the zlib library.
</p></impact><workaround><p>
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of zlib.
</p></workaround><resolution><p>
All zlib users should upgrade to the latest version:
</p><code>
# emerge sync
# emerge -pv "&gt;=sys-libs/zlib-1.2.1-r3"
# emerge "&gt;=sys-libs/zlib-1.2.1-r3"</code><p>
You should also run revdep-rebuild to rebuild any packages that depend
on older versions of zlib :
</p><code>
# revdep-rebuild</code></resolution><references><urilink="http://www.openpkg.org/security/OpenPKG-SA-2004.038-zlib.html">OpenPKG-SA-2004.038-zlib</uri><urilink="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0797">CVE-2004-0797</uri></references><metadatatag="requester"timestamp="2004-08-26T19:08:52Z">
jaervosz
</metadata><metadatatag="submitter"timestamp="2004-08-27T05:21:24Z">
jaervosz
</metadata></glsa>